IBM Launches Services to Combat Worm and Virus Threats
IBM Research to Arm Consultants With Intrusion Detection Tools and Expertise
YORKTOWN HEIGHTS, NY, and ZURICH, SWITZERLAND - 27 Mar 2006: IBM today announced new intrusion detection capabilities to help clients detect, prevent and analyze hacker attacks.
IBM researchers have designed a novel intrusion detection tool, code named “Billy Goat,” that not only provides early detection of worm attacks but also greatly reduces the false alarm rate. The tool masquerades as a collection of servers on the network. Actual servers do not communicate with Billy Goat, but criminals who randomly attack servers are likely to stumble over it. As soon as Billy Goat gets attacked it quickly identifies the attacking systems and fences them off -- effectively isolating worms and viruses before they can propagate much further.
“Integrity of financial transactions, confidentiality within a virtual enterprise, privacy of customer data and availability of critical infrastructure all depend on strong security mechanisms,” said Peggy Kennelly, vice president of IBM’s On Demand Innovation Services. “IBM Research and Business Consulting Services work together to offer world-class solutions to everyday security threats that make sense for your business, whether you have 100 employees or 100,000.”
Due to the strain on systems administrators during attacks, the most important property of any intrusion detection system is that it is free from the high rate of false alarms produced by many other sensors. The Billy Goat system minimizes false alarms through the use of a novel architecture that combines an extensive view of the network, spoofed service interaction with potential attackers, and a clear focus on detecting automated attacks.
“Billy Goat uses a unique approach to detect malicious software by responding to requests sent to unused IP addresses, presenting what from a worm’s-eye view looks like a network full of machines and services,” says Dr. James Riordan, the lead designer of the system at IBM’s Zurich Research Lab. “In other words, Billy Goat creates a virtual environment for the worms. Such virtualization, by providing feigned services as well as recording connection attempts, helps Billy Goat trick worms into revealing their identity. This method allows the system to reliably and quickly identify worm-infected machines in a network.”
One of the greatest threats to security has come from automatic, self-propagating attacks such as viruses and worms. These attacks scan networked servers at random until they are able to place a harmful program on a server using a maliciously crafted request. The program uses the now-infected server as a base from which to attack other servers. The direct result is rapid exponential growth in the number of attacks leading to load-induced network failure.
While the presence of these attacks is by no means new, the damage that they are able to inflict and the speed with which they are able to propagate have grown. Effective implementation of intrusion detection systems and techniques, such as Billy Goat, allows security problems to be identified before major damage occurs.
The technology is being made available through IBM’s On Demand Innovation Services (ODIS), the partnership between IBM Research and Business Consulting Services (BCS), to help clients tap into the deep technical expertise of IBM Research along with the business insight of IBM’s consultants. The ODIS team offers security and privacy services related to biometrics, digital rights management, identity management, intrusion prevention, privacy protection and secure systems.
IBM is the world’s largest information technology company, with 80 years of leadership in helping businesses innovate. Drawing on resources from across IBM and key Business Partners, IBM offers a wide range of services, solutions and technologies that enable customers, large and small, to take full advantage of the new era of e-business. For more information about IBM, visit www.ibm.com
- Contact Information
- Steven Tomasco
- IBM Media Relations
- Contact via E-mail
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.